GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-15 18:21:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEKT-60V5T1 rev.12.01A12
Running: 5e0nkd9m.exe; Driver: C:\Users\Phie\AppData\Local\Temp\kwldapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EA55DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F526A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8EA5685E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EA5B2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EA5B330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EA5B422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EA5B252]
SSDT 8F2E8B9E ZwCreateSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EA5B29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EA5B3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EA55E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F526B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8EA55AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EA55E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EA58D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EA56B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EA5B30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EA5B352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EA5B446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EA5B278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EA5B3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EA5B2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EA5B400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F526CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8EA569CE]
SSDT 8F2E8BA8 ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EA55EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EA55F28]
SSDT 8F2E8BA3 ZwSetContextThread
SSDT 8F2E8BAD ZwSetSecurityObject
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EA55B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EA55CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EA55C92]
SSDT 8F2E8BB2 ZwSystemDebugControl
SSDT 8F2E8B3F ZwTerminateProcess
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EA55F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8F526BE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F53CD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E803C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB9D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82EC0D80 4 Bytes [F8, 5D, A5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82EC0DA8 4 Bytes [5A, 6A, 52, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EC0E08 4 Bytes [5E, 68, A5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82EC0E5C 8 Bytes [E4, B2, A5, 8E, 30, B3, A5, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82EC0E68 4 Bytes [22, B4, A5, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8304DC64 5 Bytes JMP 8F539C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83066290 5 Bytes JMP 8F53B764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8307B3D7 4 Bytes CALL 8EA571B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830951E0 4 Bytes CALL 8EA571CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8311F11A 7 Bytes JMP 8F53CD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC0E000, 0x2D51CE, 0xE8000020]
.text C:\windows\system32\DRIVERS\atksgt.sys section is writeable [0xAB7AA300, 0x3B6D8, 0xE8000020]
.text C:\windows\system32\DRIVERS\lirsgt.sys section is writeable [0xAB7ED300, 0x1BEE, 0xE8000020]
.text kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes [E9, 0A, 5C, A3, 89] {JMP 0xffffffff89a35c0f}
.text user32.dll!UnhookWinEvent 767EB750 5 Bytes [E9, A7, 4C, A3, 89] {JMP 0xffffffff89a34cac}
.text user32.dll!SetWindowsHookExW 767EE30C 5 Bytes [E9, F3, 24, A3, 89] {JMP 0xffffffff89a324f8}
.text user32.dll!SetWinEventHook 767F24DC 5 Bytes [E9, 17, DD, A2, 89] {JMP 0xffffffff89a2dd1c}
.text user32.dll!SetWindowsHookExA 76816D0C 5 Bytes [E9, EF, 98, A0, 89] {JMP 0xffffffff89a098f4}
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002103FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00210804
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002101F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[440] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00210600
.text C:\windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000303FC
.text C:\windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000301F8
.text C:\windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\wininit.exe[512] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00050A08
.text C:\windows\system32\wininit.exe[512] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000503FC
.text C:\windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00050804
.text C:\windows\system32\wininit.exe[512] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000501F8
.text C:\windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00050600
.text C:\windows\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\services.exe[568] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\services.exe[568] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\services.exe[568] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\lsass.exe[584] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsass.exe[584] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsass.exe[584] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\lsm.exe[592] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsm.exe[592] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsm.exe[592] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\winlogon.exe[640] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000303FC
.text C:\windows\system32\winlogon.exe[640] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000301F8
.text C:\windows\system32\winlogon.exe[640] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\winlogon.exe[640] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 000C0A08
.text C:\windows\system32\winlogon.exe[640] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000C03FC
.text C:\windows\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 000C0804
.text C:\windows\system32\winlogon.exe[640] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000C01F8
.text C:\windows\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 000C0600
.text C:\windows\system32\svchost.exe[732] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[732] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[732] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[732] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00230A08
.text C:\windows\system32\svchost.exe[732] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002303FC
.text C:\windows\system32\svchost.exe[732] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00230804
.text C:\windows\system32\svchost.exe[732] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002301F8
.text C:\windows\system32\svchost.exe[732] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00230600
.text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[836] user32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00410A08
.text C:\windows\system32\svchost.exe[836] user32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 004103FC
.text C:\windows\system32\svchost.exe[836] user32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00410804
.text C:\windows\system32\svchost.exe[836] user32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 004101F8
.text C:\windows\system32\svchost.exe[836] user32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00410600
.text C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[852] KERNEL32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00250A08
.text C:\windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002503FC
.text C:\windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00250804
.text C:\windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002501F8
.text C:\windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00250600
.text C:\windows\system32\atiesrxx.exe[984] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\windows\system32\atiesrxx.exe[984] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\windows\system32\atiesrxx.exe[984] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\atiesrxx.exe[984] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00200A08
.text C:\windows\system32\atiesrxx.exe[984] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002003FC
.text C:\windows\system32\atiesrxx.exe[984] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00200804
.text C:\windows\system32\atiesrxx.exe[984] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002001F8
.text C:\windows\system32\atiesrxx.exe[984] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00200600
.text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00190A08
.text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001903FC
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00190804
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001901F8
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00190600
.text C:\windows\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1084] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 004C0A08
.text C:\windows\System32\svchost.exe[1084] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 004C03FC
.text C:\windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 004C0804
.text C:\windows\System32\svchost.exe[1084] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 004C01F8
.text C:\windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 004C0600
.text C:\windows\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00C80A08
.text C:\windows\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 00C803FC
.text C:\windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00C80804
.text C:\windows\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 00C801F8
.text C:\windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00C80600
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00200A08
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002003FC
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00200804
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002001F8
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe[1164] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00140A08
.text C:\windows\system32\svchost.exe[1264] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001403FC
.text C:\windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00140804
.text C:\windows\system32\svchost.exe[1264] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001401F8
.text C:\windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00140600
.text C:\windows\system32\AUDIODG.EXE[1292] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00200A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002003FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00200804
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002001F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1304] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1356] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1356] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1356] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00530A08
.text C:\windows\system32\svchost.exe[1356] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 005303FC
.text C:\windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00530804
.text C:\windows\system32\svchost.exe[1356] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 005301F8
.text C:\windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00530600
.text C:\windows\system32\atieclxx.exe[1408] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\windows\system32\atieclxx.exe[1408] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\windows\system32\atieclxx.exe[1408] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\atieclxx.exe[1408] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 002F0A08
.text C:\windows\system32\atieclxx.exe[1408] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002F03FC
.text C:\windows\system32\atieclxx.exe[1408] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 002F0804
.text C:\windows\system32\atieclxx.exe[1408] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002F01F8
.text C:\windows\system32\atieclxx.exe[1408] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 002F0600
.text C:\windows\system32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1544] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1544] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00590A08
.text C:\windows\system32\svchost.exe[1544] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 005903FC
.text C:\windows\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00590804
.text C:\windows\system32\svchost.exe[1544] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 005901F8
.text C:\windows\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00590600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1612] kernel32.dll!SetUnhandledExceptionFilter 771BF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1612] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\WLANExt.exe[1620] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\WLANExt.exe[1620] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\WLANExt.exe[1620] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\WLANExt.exe[1620] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 000A0A08
.text C:\windows\system32\WLANExt.exe[1620] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000A03FC
.text C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWindowsHookExW 767EE30C 3 Bytes JMP 000A0804
.text C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWindowsHookExW + 4 767EE310 1 Byte [89]
.text C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000A01F8
.text C:\windows\system32\WLANExt.exe[1620] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 000A0600
.text C:\windows\system32\conhost.exe[1628] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000303FC
.text C:\windows\system32\conhost.exe[1628] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000301F8
.text C:\windows\system32\conhost.exe[1628] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\conhost.exe[1628] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00150A08
.text C:\windows\system32\conhost.exe[1628] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001503FC
.text C:\windows\system32\conhost.exe[1628] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00150804
.text C:\windows\system32\conhost.exe[1628] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001501F8
.text C:\windows\system32\conhost.exe[1628] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00150600
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe[1748] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe[1748] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe[1748] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1776] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1776] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1776] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1776] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\windows\System32\spoolsv.exe[1776] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\windows\System32\spoolsv.exe[1776] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\windows\System32\spoolsv.exe[1776] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\windows\System32\spoolsv.exe[1776] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[1852] KERNEL32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1888] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\windows\system32\Dwm.exe[1924] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\Dwm.exe[1924] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\Dwm.exe[1924] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\Dwm.exe[1924] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\Dwm.exe[1924] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000F03FC
.text C:\windows\system32\Dwm.exe[1924] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 000F0804
.text C:\windows\system32\Dwm.exe[1924] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\Dwm.exe[1924] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 000F0600
.text C:\windows\Explorer.EXE[1948] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[1948] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[1948] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\Explorer.EXE[1948] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00150A08
.text C:\windows\Explorer.EXE[1948] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001503FC
.text C:\windows\Explorer.EXE[1948] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00150804
.text C:\windows\Explorer.EXE[1948] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001501F8
.text C:\windows\Explorer.EXE[1948] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00150600
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000A03FC
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000A01F8
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00240A08
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002403FC
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00240804
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002401F8
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[1992] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00240600
.text C:\windows\system32\taskhost.exe[2012] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[2012] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[2012] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\taskhost.exe[2012] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 000E0A08
.text C:\windows\system32\taskhost.exe[2012] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000E03FC
.text C:\windows\system32\taskhost.exe[2012] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 000E0804
.text C:\windows\system32\taskhost.exe[2012] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000E01F8
.text C:\windows\system32\taskhost.exe[2012] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2076] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\svchost.exe[2120] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2120] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[2120] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00260A08
.text C:\windows\system32\svchost.exe[2120] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002603FC
.text C:\windows\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00260804
.text C:\windows\system32\svchost.exe[2120] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002601F8
.text C:\windows\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00260600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00220A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002203FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00220804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002201F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2164] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00220600
.text C:\windows\system32\SearchFilterHost.exe[2244] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchFilterHost.exe[2244] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchFilterHost.exe[2244] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\windows\system32\SearchFilterHost.exe[2244] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001E03FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001E0804
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001E01F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2256] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001E0600
.text C:\windows\System32\svchost.exe[2400] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[2400] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[2400] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\PDF Complete\pdfsvc.exe[2476] user32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\windows\System32\svchost.exe[2544] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[2544] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[2544] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[2588] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2588] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2588] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2828] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\wbem\wmiprvse.exe[2924] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[2924] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[2924] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00090A08
.text C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000903FC
.text C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00090804
.text C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000901F8
.text C:\windows\system32\wbem\wmiprvse.exe[2924] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00090600
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000503FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000501F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00080A08
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000803FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00080804
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000801F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[3184] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00080600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3252] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\SearchProtocolHost.exe[3276] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000903FC
.text C:\windows\system32\SearchProtocolHost.exe[3276] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000901F8
.text C:\windows\system32\SearchProtocolHost.exe[3276] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00130A08
.text C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001303FC
.text C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00130804
.text C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001301F8
.text C:\windows\system32\SearchProtocolHost.exe[3276] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00130600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3348] KERNEL32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3388] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00200804
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3456] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00200600
.text C:\Program Files\IDT\WDM\sttray.exe[3492] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\sttray.exe[3492] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\sttray.exe[3492] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\IDT\WDM\sttray.exe[3492] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00200600
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3564] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3572] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00210600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3584] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3592] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3616] KERNEL32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3660] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001A0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3684] KERNEL32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3696] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 003A0A08
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 003A03FC
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 003A0804
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 003A01F8
.text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[3720] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 003A0600
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00220A08
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002203FC
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00220804
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002201F8
.text C:\Users\Phie\Desktop\Sicherheit\5e0nkd9m.exe[3728] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00220600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001803FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3776] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00180600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00580A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 005803FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00580804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 005801F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3840] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00580600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00200A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002003FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00200804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002001F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3904] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00200600
.text C:\windows\system32\conhost.exe[4000] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000303FC
.text C:\windows\system32\conhost.exe[4000] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000301F8
.text C:\windows\system32\conhost.exe[4000] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\conhost.exe[4000] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 000C0A08
.text C:\windows\system32\conhost.exe[4000] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 000C03FC
.text C:\windows\system32\conhost.exe[4000] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 000C0804
.text C:\windows\system32\conhost.exe[4000] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 000C01F8
.text C:\windows\system32\conhost.exe[4000] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 000C0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4144] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\svchost.exe[4364] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[4364] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[4364] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 002C0A08
.text C:\windows\system32\svchost.exe[4364] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002C03FC
.text C:\windows\system32\svchost.exe[4364] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 002C0804
.text C:\windows\system32\svchost.exe[4364] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002C01F8
.text C:\windows\system32\svchost.exe[4364] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 002C0600
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00180A08
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001803FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00180804
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001801F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00180600
.text C:\windows\system32\svchost.exe[4460] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[4460] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[4460] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002F03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 002F0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4644] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 002F0600
.text C:\windows\system32\svchost.exe[4756] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[4756] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[4756] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[4756] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 002D0A08
.text C:\windows\system32\svchost.exe[4756] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002D03FC
.text C:\windows\system32\svchost.exe[4756] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 002D0804
.text C:\windows\system32\svchost.exe[4756] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002D01F8
.text C:\windows\system32\svchost.exe[4756] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 002D0600
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[4792] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00200804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[4936] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00200600
.text C:\windows\servicing\TrustedInstaller.exe[4988] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000903FC
.text C:\windows\servicing\TrustedInstaller.exe[4988] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000901F8
.text C:\windows\servicing\TrustedInstaller.exe[4988] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00130A08
.text C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001303FC
.text C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00130804
.text C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001301F8
.text C:\windows\servicing\TrustedInstaller.exe[4988] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00130600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5072] KERNEL32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00340A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 003403FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00340804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 003401F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5156] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00340600
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001703FC
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001701F8
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00190A08
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001903FC
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00190804
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001901F8
.text c:\program files\common files\installshield\updateservice\isuspm.exe[5204] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00190600
.text C:\windows\system32\svchost.exe[5232] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[5232] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[5232] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00210A08
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002103FC
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00210804
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002101F8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5344] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00210600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5432] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00140600
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[5516] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\windows\System32\svchost.exe[5592] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[5592] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[5592] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[5612] KERNEL32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[5620] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 002F03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 002F0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5944] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 002F0600
.text C:\windows\system32\SearchIndexer.exe[6040] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchIndexer.exe[6040] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchIndexer.exe[6040] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001003FC
.text C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 00100804
.text C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001001F8
.text C:\windows\system32\SearchIndexer.exe[6040] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 00100600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] ntdll.dll!LdrUnloadDll 772AC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] ntdll.dll!LdrLoadDll 772B223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] kernel32.dll!GetBinaryTypeW + 70 771D69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!UnhookWindowsHookEx 767EADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!UnhookWinEvent 767EB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!SetWindowsHookExW 767EE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!SetWinEventHook 767F24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[6048] USER32.dll!SetWindowsHookExA 76816D0C 5 Bytes JMP 001F0600
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1612] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [715EF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FF24CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FD562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FD56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FF2546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FE85AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FE4D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FE5105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FE51DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73FE6707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FE8301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FE8850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FE90B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FEE254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1948] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FE4C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3512] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3584] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [715EF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe[4404] @ C:\windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT c:\program files\common files\installshield\updateservice\isuspm.exe[5204] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [752DFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:6000] 85C52F2E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137715a3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137715a3@1886ac875d8b 0xFE 0x5D 0xF9 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137715a3@143605774d6a 0x64 0x63 0xB4 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137715a3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137715a3@1886ac875d8b 0xFE 0x5D 0xF9 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137715a3@143605774d6a 0x64 0x63 0xB4 0xFA ...
---- EOF - GMER 1.0.15 ----